Latest Cybersecurity News 2022-01-24 Edition

Weekly CyberTip: Review Windows group policies 

Windows group policies are a great way to enforce consistent security and other configurations on the Windows systems on your network. But with the advent of Windows 11, Microsoft has provided some recommendations on a number of group policies that you should not use. Review your group policies to ensure that current and appropriate settings are in place to protect your environment as efficiently and effectively as possible.

Take action: Microsoft releases out-of-band Windows updates 

On January 17, Microsoft released an urgent out-of-band (OOB) update for most versions of its operating systems, from Windows Server 2022 all the way back to Windows Server 2008. The OOB update also affects aspects of the Windows 10 and Windows 11 platforms. The patches fix numerous critical bugs introduced in the recent “Patch Tuesday” offering from Microsoft, released January 11, 2022.  

Many systems with the original “Patch Tuesday” updates experienced severe operational issues, including domain controllers falling into boot loops; Hyper-V no longer functioning; L2TP VPN connections failing; and resilient file system volumes becoming inaccessible. 

If you have been experiencing issues with the recent patches, consider applying this hotfix as soon as possible; if you have not yet deployed the Patch Tuesday fixes for January 2022, be sure to incorporate this latest information into your testing and deployment plans.

Third party breach leaks sensitive Red Cross data – 515,000 people affected 

On January 19, the International Committee of the Red Cross (ICRC) announced that a third-party data storage supplier had been the victim of a cyber attack.   

The attack compromised personal data and confidential information collected by the ICRC, resulting in the disclosure of data regarding 515,000 “highly vulnerable” individuals, including “those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world,” according to the release. Login information for about staff and volunteers who work on these programs was also compromised in the incident.

In another sobering reminder of the impacts of third-party and supply chain risk, the ICRC found themselves having to shut down selected systems in an effort to reduce the risk of the external attack affecting their own operations. They continue to work to identify workarounds to enable them to continue their humanitarian efforts.

According to the release, the ICRC “has no immediate indications as to who carried out this cyber attack, which targeted an external company in Switzerland the ICRC contracts to store data. There is not yet any indication that the compromised information has been leaked or shared publicly.” The Swiss company breached in the attack has not been identified. 

STG announces launch of Trellix, after merger of McAfee and FireEye 

On January 19, Symphony Technology Group (STG) announced the launch of a new company called Trellix, resulting from the merger of McAfee Enterprise and FireEye in October 2021.  

The new company will focus on extended detection and response (XDR), and promises to accelerate technology innovation through machine learning and automation. Their new suite of products will cover traditional strength areas like endpoint and network infrastructure security, and security operations centre (SOC) automation, eventually combining applications from the formerly separate companies into an interoperable suite of products for threat prevention, detection, and response.

“The new name evokes the structure of a trellis, a strong and safe framework used to support structured growth of climbing plants and trees. Trellix will deliver its brand promise to build resilient and confident organizations through living security – security technology that learns and adapts to protect operations from the most advanced threat actors,” according to the press release. 

“STG is expected to launch the McAfee Enterprise Secure Service Edge (SSE) portfolio as a separate business [in Q1/2022], inclusive of Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA),” concluded the announcement. 
